Vulnerabilities > CVE-2021-24967 - Unspecified vulnerability in Themehunk Contact Form & Lead Form Elementor Builder

047910
CVSS 6.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
themehunk

Summary

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.6.4 does not sanitise and escape some lead values, which could allow unauthenticated users to perform Cross-Site Scripting attacks against logged in admin viewing the inserted Leads

Vulnerable Configurations

Part Description Count
Application
Themehunk
71